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What is claimed is: 

1 • An unauthorized access prevention system, including: 
a search unit searching the flowing-in path of 
5 unauthorized access to services disclosed from a user' s 

communication network; 

a determination unit determining a place to 
implement a countermeasure for protecting the services 
from the unauthorized access based on the result of the 
10 search; and 

a notification unit notifying, according, to a 
determination that the countermeasure is implemented 
in the flow source that makes the unauthorized access 
flow into the user' s communication network, the 
15 determination to a flow source. 

2. A recording medium in which a program that directs 
a computer to implement a countermeasure against 
unauthorized access is recorded and in which the program 

20 can be read by the computer, and the program directs 

the computer to perform the following processes by being 
executed by the computer: 

a search process of searching the flowing-in path 
of the unauthorized access to the services disclosed 

25 from the user' s communication network; 
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a determination process of determining the place 
to implement the countermeasure for protecting the 
services from the unauthorized access based on the result 
of the search; and 
5 a notification process of notifying, according to 

a determination that the countermeasure is implemented 
in the flow source that makes the unauthorized access 
flow into the user's communication network, the 
determination to the flow source. 

10 

3 . The recording medium according to claim 2, wherein 
the search process is performed by a computer when 
the unauthorized access is detected. 

15 4 . The recording medium according to claim 2, wherein 

the search process is performed by the computer 
when the detection of the unauthorized access is 
notified. 

20 5. The recording medium according to claim 2, wherein 

the process of searching the flowing-in path is 
performed by the computer based on the monitoring 
information on the traffic transmitted by a user's 
communication network and the unauthorized access 

25 information indicating the contents of the unauthorized 
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access . 

6. The recording medium according to claim 5, wherein 
the monitoring information includes at least the 
5 position information on an edge router arranged on the 

border between the user' s communication network and the 
communication network adjacent to the user's 
communication network and the monitoring information 
on the traffic that flows into the user's communication 
10 network via the edge router. 

7 . The recording medium according to claim 2, wherein 

the process of notifying the determination to the 
flow source after mutual attestation is conductedbetween 
15 the notification unit and the flow source of the 

unauthorized access is performed by the computer. 

8 . The recording medium according to claim 2, wherein 

the process of notifying the determination to the 
20 flow source after information on a security policy for 

the operation of each network is exchanged with the flow 
source that transmits the unauthorized access is 
performed by the computer. 

25 9. The recording medium according to claim 8, wherein 
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information on a security policy is the information 
indicating the time required till the countermeasure 
against the unauthorized access is cancelled after the 
unauthorized access is not detected any more. 

5 

10 • The recording medium according to claim 9, wherein 

when the time indicated by the information on the 
security policy differs between the user' communication 
network and the flow source, a shorter time of the two 
10 is used as the time required till the countermeasure 

against unauthorized access is cancelled after the 
unauthorized access is not detected any more, 

11 • The recording medium according to claim 10, wherein 
15 the process of notifying the flow source of the 

determination and the information indicating the time 
required till the countermeasure against the 
unauthorized access is cancelled after the unauthorized 
access is not detected any more is performed by the 
20 computer. 

12 . The recording medium according to claim 2, wherein 

the process of notifying the flow source of the 
unauthorized access of the determination using the 
25 communication path that differs from the f lowing-in path 
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of the unauthorized access is performed by the computer. 

13 . The recording medium according to claim 2, wherein 
the notification process directs the computer to 
5 perform the process of judging whether, when it is 

determined that the countermeasure is implemented in 
the flow source that makes the unauthorized access flow 
into the user' s communication network, the determination 
is notified to the flow source; 

10 by having the program executed by the computer; 

the unauthorized access countermeasure 
implementation control process that has the 
countermeasure for protecting the services from the 
unauthorized access implemented in the flow source when 

15 it is judged that the determination will not be notified 

to the flow source based on the above notification process 
is further performed by the computer. 

14. The recording medium according to claim 13, wherein 
20 the judgement is made based on the judgement 

information on the flow source that is given in advance. 

15. The recording medium according to claim 2, wherein 
by having the program executed by the computer; 

25 the unauthorized access countermeasure 
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implementation control process that has the 
countermeasure for protecting the services from the 
unauthorized access implemented in the user's 
communication network based on the determination that 
5 said countermeasure is implemented in the user's 

communication network is performed by the computer. 

16 . The recording medium according to claim 15, wherein 

the process of implementing the countermeasure in 
10 the POP (point of presence) edge router to which the 

flow source of the unauthorized access is connected is 
performed by the computer. 

17 . The recording medium according to claim 16, wherein 
15 the process of identifying the POP edge router to 

which the transmitter that transmits the unauthorized 
access is connected based on the information obtained 
from the operation management system that manages the 
operation of the user' s communication network is further 
20 performed by the computer. 

18 . The recording medium according to claim 15, wherein 

by having the program executed by the computer; 
the process of obtaining a notification of the 
25 determination that unauthorized access to the services 
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disclosed from a communication network different from 
the user's communication network is made to flow into 
said other communication network is further performed 
by the computer; and 
5 the process of implementing the countermeasure for 

protecting the services disclosed from said other 
communication network from the unauthorized access 
related to the notification in the user's communication 
network when the notification is obtained by the 
10 notification obtaining process is performed by the 

computer . 

19 . The recording medium according to claim 15, wherein 
the countermeasure implemented by the 

15 unauthorized access countermeasure implementation 

control process is cancelled after the unauthorized 
access is not detected any more and a preset time passes . 

20. The recording medium according to claim 19, wherein 
20 The preset time is set based on the security policy 

on the network operation of both the user' s communication 
network and the other communication network. 

21 . The recording medium according to claim 20, wherein 
25 when the times set between the user' s communication 
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network and the other communication network based on 
the security policy on the network operation of both 
networks differ between both networks, the 
countermeasure is cancelled after the unauthorized 
access is not detected any more and a shorter time of 
the two passes. 

22 . The recording medium according to claim 2, wherein 
by having the program executed by the computer; 
the process- of obtaining a notification of the 
determination that unauthorized access to the services 
disclosed from a communication network different from 
the user' s communication network is made to flow into 
said other communication network is performed by the 
computer; 

the process of searching the flowing-in path of 
the unauthorized access related to the notification in 
the user's communication network when the notification 
is obtained by the notification obtaining process is 
performed by the computer; 

the process of determining the place to implement 
the countermeasure for protecting the services disclosed 
from said other communication network from the 
unauthorized access related to the notification based 
on the result of the search when the notification is 
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obtained by the notification obtaining process is 
performed by the computer; and 

the process of notifying, according to a 
determination that the countermeasure is implemented 
in the flow source that makes the unauthorized access 
related to the notification flow into the user's 
communication network when the notification is obtained 
by the notification obtaining process , the determination 
to the flow source is performed by the computer. 

23 . The recording medium according to claim 22, wherein 
by having the program executed by the computer; 
the unauthorized access countermeasure 
implementation control process that has the 
countermeasure for protecting the services disclosed 
from the user's communication network or the other 
communication network from the unauthorized access 
related to the notification implemented in the 
communication network of the notification source of the 
notification when the notification obtained by said 
notification obtaining process is the same as that 
obtained in the past is further performed by the computer . 

24. The recording medium according to claim 23 , wherein 
the process of notifying the information that 
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uniquely identifies the unauthorized access related to 
the notification when the determination is notified is 
performed by the computer. 

25. The recording medium according to claim 2, wherein 
by having the program executed by the computer; 
the process of recording the history of the 

notification is further performed by the computer. 

26. An unauthorized access prevention method, 



including: £ 
searching the flowing-in path of unauthorized 

access to the services disclosed from the user' s 

communication network; 

determining the place to implement the 

countermeasure for protecting the services from the 

unauthorized access based on the result of the search; 

and 

notifying, according to a determination that the 
countermeasure is implemented in the flow source that 
makes the unauthorized access flow into the user's 
communication network, the determination to the flow 
source . 

27. A computer data signal embodied by a carrier wave 
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and representing a program that directs a computer to 
implement a countermeasure against unauthorized access, 
which, by having the program executed by the computer, 
directs the computer to perform the processes of; 

searching the f lowing-in path of the unauthorized 
access to the services disclosed from the user's 
communication network; 

determining the place to implement the 
countermeasure for protecting the services disclosed 
from the user's communication network from the 
unauthorized access based on the result of the search; 
and 

notifying, according to a determination that the 
countermeasure is implemented in the flow source that 
makes the unauthorized access flow into the user's 
communication network, the determination to the flow 
source . 



